diff --git a/include/types/server.h b/include/types/server.h
index b009e1bad..21366a90a 100644
--- a/include/types/server.h
+++ b/include/types/server.h
@@ -169,6 +169,7 @@ struct server {
 int check_data_len; /* length of partial check results stored in check_data */
 #ifdef USE_OPENSSL
+ int use_ssl; /* ssl enabled */
 struct {
 SSL_CTX *ctx;
 SSL_SESSION *reused_sess;
diff --git a/src/cfgparse.c b/src/cfgparse.c
index d8b7e6dbe..06559e6b6 100644
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -4144,6 +4144,9 @@ int cfg_parse_listen(const char *file, int linenum, char **args, int kwm)
 newsrv->onerror = curproxy->defsrv.onerror;
 newsrv->consecutive_errors_limit = curproxy->defsrv.consecutive_errors_limit;
+#ifdef OPENSSL
+ newsrv->use_ssl = curproxy->defsrv.use_ssl;
+#endif
 newsrv->uweight = newsrv->iweight = curproxy->defsrv.iweight;
@@ -4380,6 +4383,17 @@ int cfg_parse_listen(const char *file, int linenum, char **args, int kwm)
 newsrv->health = 0;
 cur_arg += 1;
 }
+ else if (!strcmp(args[cur_arg], "ssl")) {
+#ifdef USE_OPENSSL
+ newsrv->use_ssl = 1;
+ cur_arg += 1;
+#else /* USE_OPENSSL */
+ Alert("parsing [%s:%d]: '%s' option not implemented.\n",
+ file, linenum, args[cur_arg]);
+ err_code |= ERR_ALERT | ERR_FATAL;
+ goto out;
+#endif /* USE_OPENSSL */
+ }
 else if (!defsrv && !strcmp(args[cur_arg], "observe")) {
 if (!strcmp(args[cur_arg + 1], "none"))
 newsrv->observe = HANA_OBS_NONE;
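Review bot: The default-server inheritance block at `@@ -4144` is guarded by `#ifdef OPENSSL`, while the `use_ssl` field in server.h and the `ssl` keyword hunk below are guarded by `USE_OPENSSL`, so in a `USE_OPENSSL` build the line `newsrv->use_ssl = curproxy->defsrv.use_ssl;` is never compiled and a `default-server ssl` setting would not propagate to servers; if `OPENSSL` alone were ever defined, the field would not exist and the line would not compile. Change the guard to `#ifdef USE_OPENSSL` to match the other two hunks. cfg_parse_listen starts and ends outside these hunks.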
@@ -6340,6 +6354,45 @@ int check_config_validity()
 newsrv->minconn = newsrv->maxconn;
 }
+#ifdef USE_OPENSSL
+#ifndef SSL_OP_NO_COMPRESSION /* needs OpenSSL >= 0.9.9 */
+#define SSL_OP_NO_COMPRESSION 0
+#endif
+#ifndef SSL_MODE_RELEASE_BUFFERS /* needs OpenSSL >= 1.0.0 */
+#define SSL_MODE_RELEASE_BUFFERS 0
+#endif
+#ifndef SSL_OP_NO_COMPRESSION /* needs OpenSSL >= 0.9.9 */
+#define SSL_OP_NO_COMPRESSION 0
+#endif
+ if (newsrv->use_ssl) {
+ int ssloptions =
+ SSL_OP_ALL | /* all known workarounds for bugs */
+ SSL_OP_NO_SSLv2 |
+ SSL_OP_NO_COMPRESSION;
+ int sslmode =
+ SSL_MODE_ENABLE_PARTIAL_WRITE |
+ SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
+ SSL_MODE_RELEASE_BUFFERS;
+
+ /* Initiate SSL context for current server */
+ newsrv->ssl_ctx.reused_sess = NULL;
+ newsrv->data = &ssl_sock;
+ newsrv->ssl_ctx.ctx = SSL_CTX_new(SSLv23_client_method());
+ if(!newsrv->ssl_ctx.ctx) {
+
+ Alert("config : %s '%s', server '%s': unable to allocate ssl context.\n",
+ proxy_type_str(curproxy), curproxy->id,
+ newsrv->id);
+ cfgerr++;
+ goto next_srv;
+ }
+
+ SSL_CTX_set_options(newsrv->ssl_ctx.ctx, ssloptions);
+ SSL_CTX_set_mode(newsrv->ssl_ctx.ctx, sslmode);
+ SSL_CTX_set_verify(newsrv->ssl_ctx.ctx, SSL_VERIFY_NONE, NULL);
+ SSL_CTX_set_session_cache_mode(newsrv->ssl_ctx.ctx, SSL_SESS_CACHE_OFF);
+ }
+#endif /* USE_OPENSSL */
 if (newsrv->trackit) {
 struct proxy *px;
 struct server *srv;
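Review bot: `SSL_CTX_set_verify(newsrv->ssl_ctx.ctx, SSL_VERIFY_NONE, NULL)` leaves the backend's certificate unchecked, so a `server ... ssl` line encrypts the hop but does not authenticate the peer; if that is the intended first step, state it at the call, e.g. `/* no peer verification yet: the backend certificate is not checked against any CA, so this gives confidentiality only */`, so nobody reads the `ssl` keyword as providing server authentication. Only SSLv2 is excluded in `ssloptions`, so SSLv3 stays negotiable through `SSLv23_client_method()`; a comment saying that is deliberate, or adding `SSL_OP_NO_SSLv3` where older backends need not be supported, would make the choice explicit. The `#ifndef SSL_OP_NO_COMPRESSION` fallback is pasted twice; drop the second copy, and these version-compat `#define`s would read better at file scope than inside the per-server loop. check_config_validity's loop body continues outside the hunk and the `next_srv` label is not visible here, so whether a context allocated for an earlier server is released when a later server fails cannot be judged from this hunk.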